Fixed SQL bullshit...

BurnyLlama 2021-11-01 19:51:31 +01:00
parent 0c234c89d9
commit f91be3aa28


@ -2,6 +2,10 @@ import { sqlite } from './init.js'
const entriesPerPage = process.env.ENTRIES_PER_PAGE ?? 50 const entriesPerPage = process.env.ENTRIES_PER_PAGE ?? 50
function simpleSanitize(str) {
return String(str).replace(/\s/g, "")
}
/** /**
* This is a 'general' search function for the sqlite database... * This is a 'general' search function for the sqlite database...
* *
@ -24,12 +28,11 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
method === "get" ? 0 : method === "get" ? 0 :
parseInt(sqlite parseInt(sqlite
.prepare(` .prepare(`
SELECT count(*) FROM $table SELECT count(*) FROM ${simpleSanitize(table)}
${!matchField ?? "WHERE $matchField = $matchQuery"} ${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
`) `)
.get({ .get({
table, matchQuery
matchField, matchQuery
}) })
) )
@ -38,15 +41,13 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
const result = sqlite const result = sqlite
.prepare(` .prepare(`
SELECT * FROM $table SELECT * FROM ${simpleSanitize(table)}
${!matchField ?? "WHERE $matchField = $matchQuery"} ${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
${!orderBy ?? `"ORDER BY $orderBy" ${descending === true ? "DESC" : "ASC"}`} ${orderBy ? `ORDER BY ${simpleSanitize(orderBy)} ${descending === true ? "DESC" : "ASC"}` : ""}
${method === "all" ? `LIMIT ${entriesPerPage * (page - 1)}, ${entriesPerPage}` : ""} ${method === "all" ? `LIMIT ${entriesPerPage * (page - 1)}, ${entriesPerPage}` : ""}
`) `)
[method === "all" ? "all" : "get"]({ [method === "all" ? "all" : "get"]({
table, matchQuery
matchField, matchQuery,
orderBy
}) })
// This check should work? // This check should work?
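Review bot: `simpleSanitize` only strips whitespace, so `table`, `matchField` and `orderBy` are still interpolated into the SQL text of both the count query and the select query as arbitrary strings; removing whitespace does not restrict a value to a single identifier. If any of these arguments can come from a request, they should be checked against a fixed list of known table and column names, or at minimum rejected unless they match an identifier pattern, e.g. `if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(str)) throw new TypeError("invalid SQL identifier")` inside the helper. Binding `$matchQuery` as a parameter is the right approach for the value and should stay. The helper would also benefit from a comment such as `// Identifiers cannot be bound as parameters, so they are validated here before interpolation`. The body of `searcher` starts and ends outside these hunks, so where its arguments originate is not visible here.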